Senior API Security Platform Engineer

Job Description:

The Team

This is a Senior Cyber Engineering role in the API Security team (part of the Application and Infrastructure Security Product Area) within the Enterprise Cybersecurity business unit.

The focus of this team is to enable API Security Solutions and processes that will help to improve the Security Posture of our APIs across our infrastructure.

The Expertise You Have

• 5+ years of experience in the field of software engineering ideally with a focus on Application or API Security
• Strong knowledge of API protocols/frameworks (e.g., REST, SOAP, GraphQL, gRPC), API gateways, Authentication and Authorization Protocols (OAuth2/OIDC/JWT etc.).
• Strong Understanding of OWASP API Security Top 10 and secure coding practices.
• Familiar with common API Vulnerabilities
• Familiarity with runtime security, eBPF, and traffic monitoring for API discovery would be considered a plus
• Expertise in API Security frameworks and experience with API Security Testing tools (DAST, AST, etc.) and Runtime API protection platforms would be considered a plus
• Any application security experience, including Pen Testing, Static Composition Analysis (SCA), Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Web Application Firewalls (WAF) would be considered a plus

The Skills You Bring

• Proven knowledge and experience of engineering principles, patterns and practices
• Experience with modern agile engineering approaches and focus on operational excellence.
• You have shown the ability to engage with other teams or vendors in a positive manner to collaborate to achieve a positive outcome
• Excellent interpersonal and communication skills 
• Strong analytical skills and ability to tackle issues and work through ambiguous situations by making timely decisions based on facts, knowledge, experience, and judgement. 
• You have a passion for continual learning and are always ready to guide, support and/or mentor other members of your team! 

The Value You Deliver

• You are a creator and a doer who will help us tackle real-life problems and meet real consumer needs.  

• Lead the end-to-end deployment of API security solution(s)
• Collaborate with development, operations, and security teams to ensure smooth integrations with other applications
• Monitor platform performance and ensure it aligns with the agreed KPIs and SLAs.
• Optimize platform configurations to detect and prevent API-related threats.

• Contribute to the planning, execution, and delivery of API security initiatives as part of the broader security improvement roadmap.
• Stay ahead of emerging threats and technologies, recommending improvements to the API security framework.

• Help integrate API security solutions into CI/CD pipelines for continuous testing and monitoring.
• Develop scripts and tools to streamline processes and conducting data analysis.

• Document processes, configurations, and lessons learned to ensure knowledge transfer across the organization.

Fidelity will reasonably accommodate associates with disabilities who need adjustments to participate in the application or interview process, or to perform the essential functions of their job.  

Category: